At Roost, we take security very seriously.
We have designed our devices and the Roost Cloud architecture to minimize the possibility of a malicious attack on your Roost devices or home Wi-Fi system. No system is “un-hackable” so we will not say that ours is. However, there is not a way for an outside actor (including Roost) to initiate contact with a Roost device that is on your Wi-Fi network. The Roost Cloud cannot “ping” or contact Roost devices, rather Roost devices initiate all contact with the Roost Cloud based on an internal clock and directions from the Roost Cloud given to the device upon the its last check in.
Also, because our devices are not connected to the internet except for a few seconds each day for check-in or during alarm events, malicious actors would have a hard time using the device to gain access to your Wi-Fi network, even if they could initiate contact with the device.
Here are some examples that may help you understand more about this architecture.
- The robust nature of our security design is why you cannot “request” an updated temperature or humidity reading from your leak detector via the Roost app. The app does not “talk” to the leak detector itself, rather it talks to the Roost Cloud. So, the Roost app communicates to the Roost Cloud, but the app has no control over the Roost Cloud contacting the device. The device itself initiates all contact with the Roost Cloud.
- When you change temperature or humidity settings in your Roost app, there will be a delay in when the leak detectors learns about this change. The Roost app communicates your change request to the Roost Cloud right away, but then the Roost Cloud needs to wait until the detector initiates a check-in to let the device know about this change.
For more on our security standards, please see our help center article: What can you tell me about the security and privacy of my data at Roost?